How to check for malicious paths against a root directory?

Time: 2014-12-18 09:18:30

Tags: javascript node.js security

I want to join two paths:

var path = require('path');
path.join(root, requestPath);

How do I prevent paths like ../../../../../etc/passwd? What is the best practice?

var isMalicious = function(path, root) { /* HOW TO */ };

1 answer:

Answer 0: (score: 0)

Pretty much what Gumbo said. Here is a code example:

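var path = require('path');
var root = '/var/www/app/';
// requestPath is the untrusted path taken from the request (sample value)
var requestPath = '../../../../../etc/passwd';

// path.join normalizes the result, so any ../ segments are collapsed here
var filename = path.join(root, requestPath);

if (filename.indexOf(root) !== 0) {
  // someone is trying to break out of root!
}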

For more security questions, this is worth a read: How can I secure my code?
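
An added example, not part of the original answer: the prefix test above depends on `root` ending in a slash, so this sketch fills in the question's `isMalicious(path, root)` with a `path.relative` containment check and keeps the prefix test alongside for comparison. `prefixCheckAllows`, `resolveInsideRoot`, `ROOT` and the sample paths are constructed for illustration, and `requestPath` is assumed to be already percent-decoded.

```javascript
// Added example; POSIX path semantics so results are identical on any host OS.
const path = require('path').posix;

// The prefix test from the answer, kept for comparison.
function prefixCheckAllows(root, requestPath) {
  return path.join(root, requestPath).indexOf(root) === 0;
}

// Returns the absolute path inside root, or null if requestPath escapes it.
// Assumption: requestPath has already been percent-decoded by the caller.
function resolveInsideRoot(root, requestPath) {
  if (typeof requestPath !== 'string' || requestPath.includes('\0')) {
    return null; // NUL bytes are rejected outright
  }
  const base = path.resolve(root);             // normalises, drops trailing '/'
  const target = path.join(base, requestPath); // join keeps '/etc/x' under base
  const rel = path.relative(base, target);
  // An escape shows up as '..' or '../...'; a file literally named '..foo' is fine.
  if (rel === '..' || rel.startsWith('../')) return null;
  return target;
}

// Same argument order as the isMalicious(path, root) stub in the question.
function isMalicious(requestPath, root) {
  return resolveInsideRoot(root, requestPath) === null;
}

// Constructed sample inputs; ROOT deliberately has no trailing slash.
const ROOT = '/var/www/app';
const samples = [
  '../../../../../etc/passwd', // classic traversal
  '../app-secret/key',         // sibling directory sharing root's prefix
  'img/../index.html',         // harmless: collapses to a path inside root
  '..foo',                     // harmless: a file name that starts with dots
  '/etc/passwd',               // absolute input is re-rooted by path.join
];
for (const p of samples) {
  console.log(JSON.stringify(p),
    'prefix check allows:', prefixCheckAllows(ROOT, p),
    '| isMalicious:', isMalicious(p, ROOT));
}
```

The check is purely lexical: if the root can contain symlinks, resolve the result with `fs.realpath` and run the same comparison on the real path before opening the file.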